Use SSH short-lived certificates for other hostnames

Dear all,

I have successfully set up SSH short-lived certificates for one host (e.g. but now I’m trying to reuse those certificates for all domains under my zone, without having to proxy them through Access.

I’ve been able to do so for a single host by adding the following to my SSH local config:

  ProxyCommand bash -c '/opt/homebrew/bin/cloudflared access ssh-gen --hostname; ssh -tt %[email protected] >&2 <&1'

  IdentityFile ~/.cloudflared/
  CertificateFile ~/.cloudflared/

It works just fine, but now I’m at my limits of SSH config. I’d like to generalize with a wildcard, e.g. Host *. Any idea on how I could achieve this?

I know this is not fully supported by Cloudflare, but I’d appreciate any help ;)